Skip to content

N
nexpie-grafana-theme
Commit 1b535581 by Emil Hessman Committed by GitHub
Options

Chore: Rewrite brute force login protection test to standard library (#29986)

parent d236eabe
Showing with 113 additions and 118 deletions
pkg/login/brute_force_login_protection_test.go
...@@ -6,132 +6,127 @@ import ( ...@@ -6,132 +6,127 @@ import (
"github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/models" "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
. "github.com/smartystreets/goconvey/convey" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestLoginAttemptsValidation(t *testing.T) { func TestValidateLoginAttempts(t *testing.T) {
Convey("Validate login attempts", t, func() { testCases := []struct {
Convey("Given brute force login protection enabled", func() { name string
cfg := setting.NewCfg() loginAttempts int64
cfg.DisableBruteForceLoginProtection = false cfg *setting.Cfg
query := &models.LoginUserQuery{ expected error
Username: "user", }{
Cfg: cfg, {
} name: "When brute force protection enabled and user login attempt count is less than max",
loginAttempts: maxInvalidLoginAttempts - 1,
Convey("When user login attempt count equals max-1 ", func() { cfg: cfgWithBruteForceLoginProtectionEnabled(t),
withLoginAttempts(maxInvalidLoginAttempts - 1) expected: nil,
err := validateLoginAttempts(query) },
{
Convey("it should not result in error", func() { name: "When brute force protection enabled and user login attempt count equals max",
So(err, ShouldBeNil) loginAttempts: maxInvalidLoginAttempts,
}) cfg: cfgWithBruteForceLoginProtectionEnabled(t),
}) expected: ErrTooManyLoginAttempts,
},
Convey("When user login attempt count equals max ", func() { {
withLoginAttempts(maxInvalidLoginAttempts) name: "When brute force protection enabled and user login attempt count is greater than max",
err := validateLoginAttempts(query) loginAttempts: maxInvalidLoginAttempts + 1,
cfg: cfgWithBruteForceLoginProtectionEnabled(t),
Convey("it should result in too many login attempts error", func() { expected: ErrTooManyLoginAttempts,
So(err, ShouldEqual, ErrTooManyLoginAttempts) },
})
}) {
name: "When brute force protection disabled and user login attempt count is less than max",
Convey("When user login attempt count is greater than max ", func() { loginAttempts: maxInvalidLoginAttempts - 1,
withLoginAttempts(maxInvalidLoginAttempts + 5) cfg: cfgWithBruteForceLoginProtectionDisabled(t),
err := validateLoginAttempts(query) expected: nil,
},
Convey("it should result in too many login attempts error", func() { {
So(err, ShouldEqual, ErrTooManyLoginAttempts) name: "When brute force protection disabled and user login attempt count equals max",
}) loginAttempts: maxInvalidLoginAttempts,
}) cfg: cfgWithBruteForceLoginProtectionDisabled(t),
expected: nil,
Convey("When saving invalid login attempt", func() { },
defer bus.ClearBusHandlers() {
createLoginAttemptCmd := &models.CreateLoginAttemptCommand{} name: "When brute force protection disabled and user login attempt count is greater than max",
loginAttempts: maxInvalidLoginAttempts + 1,
bus.AddHandler("test", func(cmd *models.CreateLoginAttemptCommand) error { cfg: cfgWithBruteForceLoginProtectionDisabled(t),
createLoginAttemptCmd = cmd expected: nil,
return nil },
}) }
err := saveInvalidLoginAttempt(&models.LoginUserQuery{ for _, tc := range testCases {
Username: "user", t.Run(tc.name, func(t *testing.T) {
Password: "pwd", withLoginAttempts(t, tc.loginAttempts)
IpAddress: "192.168.1.1:56433",
Cfg: setting.NewCfg(), query := &models.LoginUserQuery{Username: "user", Cfg: tc.cfg}
}) err := validateLoginAttempts(query)
So(err, ShouldBeNil) require.Equal(t, tc.expected, err)
Convey("it should dispatch command", func() {
So(createLoginAttemptCmd, ShouldNotBeNil)
So(createLoginAttemptCmd.Username, ShouldEqual, "user")
So(createLoginAttemptCmd.IpAddress, ShouldEqual, "192.168.1.1:56433")
})
})
}) })
}
}
func TestSaveInvalidLoginAttempt(t *testing.T) {
t.Run("When brute force protection enabled", func(t *testing.T) {
t.Cleanup(func() { bus.ClearBusHandlers() })
createLoginAttemptCmd := &models.CreateLoginAttemptCommand{}
bus.AddHandler("test", func(cmd *models.CreateLoginAttemptCommand) error {
createLoginAttemptCmd = cmd
return nil
})
err := saveInvalidLoginAttempt(&models.LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
Cfg: cfgWithBruteForceLoginProtectionEnabled(t),
})
require.NoError(t, err)
require.NotNil(t, createLoginAttemptCmd)
assert.Equal(t, "user", createLoginAttemptCmd.Username)
assert.Equal(t, "192.168.1.1:56433", createLoginAttemptCmd.IpAddress)
})
Convey("Given brute force login protection disabled", func() { t.Run("When brute force protection disabled", func(t *testing.T) {
cfg := setting.NewCfg() t.Cleanup(func() { bus.ClearBusHandlers() })
cfg.DisableBruteForceLoginProtection = true
query := &models.LoginUserQuery{ var createLoginAttemptCmd *models.CreateLoginAttemptCommand
Username: "user", bus.AddHandler("test", func(cmd *models.CreateLoginAttemptCommand) error {
Cfg: cfg, createLoginAttemptCmd = cmd
} return nil
})
Convey("When user login attempt count equals max-1 ", func() {
withLoginAttempts(maxInvalidLoginAttempts - 1) err := saveInvalidLoginAttempt(&models.LoginUserQuery{
err := validateLoginAttempts(query) Username: "user",
Password: "pwd",
Convey("it should not result in error", func() { IpAddress: "192.168.1.1:56433",
So(err, ShouldBeNil) Cfg: cfgWithBruteForceLoginProtectionDisabled(t),
})
})
Convey("When user login attempt count equals max ", func() {
withLoginAttempts(maxInvalidLoginAttempts)
err := validateLoginAttempts(query)
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When user login attempt count is greater than max ", func() {
withLoginAttempts(maxInvalidLoginAttempts + 5)
err := validateLoginAttempts(query)
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When saving invalid login attempt", func() {
defer bus.ClearBusHandlers()
var createLoginAttemptCmd *models.CreateLoginAttemptCommand
bus.AddHandler("test", func(cmd *models.CreateLoginAttemptCommand) error {
createLoginAttemptCmd = cmd
return nil
})
err := saveInvalidLoginAttempt(&models.LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
Cfg: cfg,
})
So(err, ShouldBeNil)
Convey("it should not dispatch command", func() {
So(createLoginAttemptCmd, ShouldBeNil)
})
})
}) })
require.NoError(t, err)
require.Nil(t, createLoginAttemptCmd)
}) })
} }
func withLoginAttempts(loginAttempts int64) { func cfgWithBruteForceLoginProtectionDisabled(t *testing.T) *setting.Cfg {
t.Helper()
cfg := setting.NewCfg()
cfg.DisableBruteForceLoginProtection = true
return cfg
}
func cfgWithBruteForceLoginProtectionEnabled(t *testing.T) *setting.Cfg {
t.Helper()
cfg := setting.NewCfg()
require.False(t, cfg.DisableBruteForceLoginProtection)
return cfg
}
func withLoginAttempts(t *testing.T, loginAttempts int64) {
t.Helper()
bus.AddHandler("test", func(query *models.GetUserLoginAttemptCountQuery) error { bus.AddHandler("test", func(query *models.GetUserLoginAttemptCountQuery) error {
query.Result = loginAttempts query.Result = loginAttempts
return nil return nil
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment